Examples with NameIDInfo com.sun.identity.saml2.common.NameIDInfo used on opensource projects

Example 11 with NameIDInfo

use of com.sun.identity.saml2.common.NameIDInfo in project OpenAM by OpenRock.

the class SPACSUtils method writeFedData.

private static void writeFedData(NameID nameId, String spEntityId, String realm, SAML2MetaManager metaManager, String idpEntityId, String userName, String storageKey) throws SAML2Exception {
    final NameIDInfo info;
    final String affiID = nameId.getSPNameQualifier();
    boolean isDualRole = SAML2Utils.isDualRole(spEntityId, realm);
    AffiliationDescriptorType affiDesc = null;
    if (affiID != null && !affiID.isEmpty()) {
        affiDesc = metaManager.getAffiliationDescriptor(realm, affiID);
    }
    if (affiDesc != null) {
        if (!affiDesc.getAffiliateMember().contains(spEntityId)) {
            throw new SAML2Exception("Unable to locate SP Entity ID in the affiliate descriptor.");
        }
        if (isDualRole) {
            info = new NameIDInfo(affiID, idpEntityId, nameId, SAML2Constants.DUAL_ROLE, true);
        } else {
            info = new NameIDInfo(affiID, idpEntityId, nameId, SAML2Constants.SP_ROLE, true);
        }
    } else {
        if (isDualRole) {
            info = new NameIDInfo(spEntityId, idpEntityId, nameId, SAML2Constants.DUAL_ROLE, false);
        } else {
            info = new NameIDInfo(spEntityId, idpEntityId, nameId, SAML2Constants.SP_ROLE, false);
        }
    }
    // write fed info into data store
    SPCache.fedAccountHash.put(storageKey, "true");
    AccountUtils.setAccountFederation(info, userName);
}

Example 12 with NameIDInfo

use of com.sun.identity.saml2.common.NameIDInfo in project OpenAM by OpenRock.

the class NameIDMapping method setNameIDForNIMRequest.

private static void setNameIDForNIMRequest(NameIDMappingRequest nimRequest, String realm, String spEntityID, String idpEntityID, String targetSPEntityID, String targetNameIDFormat, String userID) throws SAML2Exception {
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("NameIDMapping.setNameIDForNIMRequest: " + "user ID = " + userID);
    }
    NameID nameID = AssertionFactory.getInstance().createNameID();
    NameIDInfo info = AccountUtils.getAccountFederation(userID, spEntityID, idpEntityID);
    nameID.setValue(info.getNameIDValue());
    nameID.setFormat(info.getFormat());
    nameID.setNameQualifier(idpEntityID);
    nameID.setSPNameQualifier(spEntityID);
    NameIDPolicy nameIDPolicy = ProtocolFactory.getInstance().createNameIDPolicy();
    nameIDPolicy.setSPNameQualifier(targetSPEntityID);
    nameIDPolicy.setFormat(targetNameIDFormat);
    nimRequest.setNameIDPolicy(nameIDPolicy);
    boolean needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, idpEntityID, SAML2Constants.IDP_ROLE);
    if (!needEncryptIt) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("NameIDMapping.setNameIDForNIMRequest: " + "NamID doesn't need to be encrypted.");
        }
        nimRequest.setNameID(nameID);
        return;
    }
    EncryptedID encryptedID = getEncryptedID(nameID, realm, idpEntityID, SAML2Constants.IDP_ROLE);
    nimRequest.setEncryptedID(encryptedID);
}

Example 13 with NameIDInfo

use of com.sun.identity.saml2.common.NameIDInfo in project OpenAM by OpenRock.

the class NameIDMapping method processNameIDMappingRequest.

public static NameIDMappingResponse processNameIDMappingRequest(NameIDMappingRequest nimRequest, String realm, String idpEntityID) throws SAML2Exception {
    NameIDMappingResponse nimResponse = null;
    String spEntityID = nimRequest.getIssuer().getValue();
    if (spEntityID == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
    }
    String responseID = SAML2Utils.generateID();
    if (responseID == null) {
        SAML2Utils.debug.error(SAML2Utils.bundle.getString("failedToGenResponseID"));
    }
    nimResponse = pf.createNameIDMappingResponse();
    nimResponse.setID(responseID);
    nimResponse.setInResponseTo(nimRequest.getID());
    nimResponse.setVersion(SAML2Constants.VERSION_2_0);
    nimResponse.setIssueInstant(new Date());
    nimResponse.setIssuer(SAML2Utils.createIssuer(idpEntityID));
    SAML2Utils.verifyRequestIssuer(realm, idpEntityID, nimRequest.getIssuer(), nimRequest.getID());
    NameIDPolicy nameIDPolicy = nimRequest.getNameIDPolicy();
    String targetSPEntityID = nameIDPolicy.getSPNameQualifier();
    String format = nameIDPolicy.getFormat();
    Status status = null;
    if ((format != null) && (format.length() != 0) && (!format.equals(SAML2Constants.PERSISTENT)) && (!format.equals(SAML2Constants.UNSPECIFIED))) {
        nimResponse.setNameID(nimRequest.getNameID());
        nimResponse.setEncryptedID(nimRequest.getEncryptedID());
        status = SAML2Utils.generateStatus(SAML2Constants.INVALID_NAME_ID_POLICY, SAML2Utils.bundle.getString("targetNameIDFormatUnsupported"));
    } else if ((targetSPEntityID == null) || (targetSPEntityID.length() == 0) || targetSPEntityID.equals(spEntityID)) {
        nimResponse.setNameID(nimRequest.getNameID());
        nimResponse.setEncryptedID(nimRequest.getEncryptedID());
        status = SAML2Utils.generateStatus(SAML2Constants.INVALID_NAME_ID_POLICY, SAML2Utils.bundle.getString("targetNameIDNoChange"));
    } else {
        // check if source SP has account fed
        // if yes then get nameid of targetSP
        IDPAccountMapper idpAcctMapper = SAML2Utils.getIDPAccountMapper(realm, idpEntityID);
        NameID nameID = getNameID(nimRequest, realm, idpEntityID);
        String userID = idpAcctMapper.getIdentity(nameID, idpEntityID, spEntityID, realm);
        NameIDInfo targetNameIDInfo = null;
        if (userID != null) {
            targetNameIDInfo = AccountUtils.getAccountFederation(userID, idpEntityID, targetSPEntityID);
        }
        if (targetNameIDInfo == null) {
            nimResponse.setNameID(nimRequest.getNameID());
            nimResponse.setEncryptedID(nimRequest.getEncryptedID());
            status = SAML2Utils.generateStatus(SAML2Constants.INVALID_NAME_ID_POLICY, SAML2Utils.bundle.getString("targetNameIDNotFound"));
        } else {
            NameID targetSPNameID = targetNameIDInfo.getNameID();
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("NameIDMapping.processNameIDMappingRequest: " + "User ID = " + userID + ", name ID = " + targetSPNameID.toXMLString(true, true));
            }
            nimResponse.setEncryptedID(getEncryptedID(targetSPNameID, realm, spEntityID, SAML2Constants.SP_ROLE));
            status = SAML2Utils.generateStatus(SAML2Constants.SUCCESS, null);
        }
    }
    nimResponse.setStatus(status);
    signNIMResponse(nimResponse, realm, idpEntityID, false);
    return nimResponse;
}

Example 14 with NameIDInfo

use of com.sun.identity.saml2.common.NameIDInfo in project OpenAM by OpenRock.

the class AccountUtils method removeAccountFederation.

/**
     * Removes the account federation of a user.
     * @param info <code>NameIDInfo</code> object. 
     * @param userID user identifier for which the account federation is to
     *               be removed.
     * @return true if the account federation is removed successfully.
     * @exception WSFederationException if any failure.
     */
public static boolean removeAccountFederation(NameIDInfo info, String userID) throws WSFederationException {
    String classMethod = "AccountUtils.removeAccountFederation: ";
    WSFederationUtils.debug.message(classMethod);
    if (info == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullNameIDInfo"));
    }
    if (userID == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullUserID"));
    }
    try {
        Set existingFed = WSFederationUtils.dsProvider.getAttribute(userID, getNameIDInfoAttribute());
        Set existingInfoKey = WSFederationUtils.dsProvider.getAttribute(userID, getNameIDInfoKeyAttribute());
        if (existingFed == null || existingFed.isEmpty()) {
            if (WSFederationUtils.debug.messageEnabled()) {
                WSFederationUtils.debug.message(classMethod + "user does not have account federation infos.");
            }
            return false;
        }
        String infoValue = info.toValueString();
        String infoKeyValue = info.getNameIDInfoKey().toValueString();
        if (WSFederationUtils.debug.messageEnabled()) {
            WSFederationUtils.debug.message(classMethod + "info to be removed:" + infoValue + "user=" + userID + "infoKeyValue = " + infoKeyValue);
        }
        if (existingFed.contains(infoValue)) {
            existingFed.remove(infoValue);
            if (existingInfoKey != null && existingInfoKey.contains(infoKeyValue)) {
                existingInfoKey.remove(infoKeyValue);
            }
            Map map = new HashMap();
            map.put(getNameIDInfoAttribute(), existingFed);
            map.put(getNameIDInfoKeyAttribute(), existingInfoKey);
            WSFederationUtils.dsProvider.setAttributes(userID, map);
            return true;
        }
        if (WSFederationUtils.debug.messageEnabled()) {
            WSFederationUtils.debug.message(classMethod + "account federation info not found.");
        }
        return false;
    } catch (DataStoreProviderException dse) {
        WSFederationUtils.debug.error(classMethod + "DataStoreProviderException", dse);
        throw new WSFederationException(dse);
    } catch (SAML2Exception se) {
        WSFederationUtils.debug.error(classMethod + "SAML2Exception", se);
        throw new WSFederationException(se);
    }
}

Example 15 with NameIDInfo

use of com.sun.identity.saml2.common.NameIDInfo in project OpenAM by OpenRock.

the class ImportBulkFederationData method saml2FederateUser.

private void saml2FederateUser(String userId, String nameIdValue) throws CLIException {
    try {
        AMIdentity amid = IdUtils.getIdentity(getAdminSSOToken(), userId);
        NameID nameId = AssertionFactory.getInstance().createNameID();
        nameId.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        if (isIDP) {
            nameId.setNameQualifier(localEntityId);
            nameId.setSPNameQualifier(remoteEntityId);
        } else {
            nameId.setNameQualifier(remoteEntityId);
            nameId.setSPNameQualifier(localEntityId);
        }
        nameId.setValue(nameIdValue);
        String role = (isIDP) ? SAML2Constants.IDP_ROLE : SAML2Constants.SP_ROLE;
        NameIDInfoKey key = new NameIDInfoKey(nameIdValue, localEntityId, remoteEntityId);
        NameIDInfo info = new NameIDInfo(localEntityId, remoteEntityId, nameId, role, true);
        Map attributes = amid.getAttributes(BulkFederation.saml2UserAttributesFed);
        Set setInfoKey = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_KEY_ATTR);
        if ((setInfoKey == null) || setInfoKey.isEmpty()) {
            setInfoKey = new HashSet(2);
            attributes.put(SAML2Constants.NAMEID_INFO_KEY, setInfoKey);
        }
        setInfoKey.add(key.toValueString());
        Set setInfo = (Set) attributes.get(FSAccountUtils.USER_FED_INFO_ATTR);
        if ((setInfo == null) || setInfo.isEmpty()) {
            setInfo = new HashSet(2);
            attributes.put(SAML2Constants.NAMEID_INFO, setInfo);
        }
        setInfo.add(info.toValueString());
        amid.setAttributes(attributes);
        amid.store();
    } catch (SAML2Exception e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        Object[] param = { userId };
        throw new CLIException(MessageFormat.format(getResourceString("import-bulk-federation-data-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    } catch (SSOException e) {
        debugError("ImportBulkFederationData.idffFederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    }
}